2FA is a no-brainer to support. TOTP is not technically challenging to implement. Supporting U2F also is ideal because the user experience is much nicer.
Auditable access logging is also a no-brainer, particularly an option to enable/disable and configurable alerts. The lack thereof is currently keeping me from actually buying the product, considering the scarcity of info about the security architecture of the system.
The little bit of information I’ve found about digital security and privacy has been reassuring, but there’s so little info published I can’t have much confidence. More detailed and complete documentation about the security and privacy architecture should be considered a core feature for a product that has security uses. Look at LastPass for a great example of how to get this right.
With GDPR imminent, I’d also like to see more information about how users can review, export, and delete all data pertaining to them within the system. What I’ve read so far sounds reasonable from a security/privacy standpoint if the claims are true, but I can’t verify those or apparently make any decisions about it if I change my mind after trying the product. All of these concerns are extra important for a product that’s often used for security in the first place.
I’d ultimately really like to see more controls in place that transfer control over data and device access to the owner (purchaser). I’m tech-savvy enough to manage my own encryption keys, use my own cloud storage APIs, etc., and just don’t want to have to manage the whole product software lifecycle end to end unnecessarily. I think there are a decent number of potential customers who are in the same boat. We’re also all tech influencers. Our friends and family respect our recommendations about what tech products to use or avoid. What I’ve seen about this product so far looks pretty promising, or else I wouldn’t bother commenting. Can the company deliver the whole package?